Search Bit Rot

#Python

This is going to be a down and dirty post about using neo4j to graphically plot and analyze the relationships between Wi-Fi nodes using the air around us. This is not anything new or novel. Sensepost released their Snoopy platform back in ~2012 that does largely the same thing using Paterva’s Maltego. This shows some of the powerful insights that you can create by using a few lines of code and a graphing database.

While exploring some additional VPN options for work, I decided to give NordVPN a try. They have a plethora of exit nodes, and have generally decent user feedback and claims that they do not log traffic. NordVPN’s Linux client is essentially a zip file full of OpenVPN configuration files. There are some other projects for managing NordVPN connections, but I decided to have a quick go at creating a graphical bare bones interface using Python and Flask.

In this article, we will take a look at a technique for bug hunting in Open Source projects by using version tracking information. In this particular case, we will look at Firefox and their Mercurial setup. By identifying patches that are connected to bugs with public reading turned off, we are able to identify specific fixes for potential security issues in a major web browser, often before releases are pushed. This is also an excellent way of coming up with Proof of Concept code for N-day bugs.

I decided to take a look at some XMPP servers that are listed on Shodan and poke around at their settings in regards to SSL/TLS. The XMPP protocol allows for securing connections cryptographically through use of the STARTTLS feature for securing normally plaintext protocols.

Address Sanitizer (ASan) is a memory corruption detection mechanism built into both clang and gcc. It is capable of detecting the following conditions: use after free, heap buffer overflow, stack buffer overflow, global buffer overflow, use after return, use after scope, initialization order, and memory leaks. It is often combined with fuzzing techniques in order to alert on bugs that may not have otherwise crashed the target application. While targeting large applications, it is common to end up with hundreds to thousands of crash reports. Depending on your fuzzing framework, many of these may be duplicates. This Python script will parse ASan crash reports and group them based on the backtrace information.

There’s a lot of buzz around Bitcoin right now. A lot of people frequently go to Coinbase or Google to find the price of Bitcoin. I decided to make an automated script that would text you the price of Bitcoin using Python. I used the Coinbase API along with the Twilio API to complete this task. There are ways to use Python SMS without Twilio, but I won’t be covering that here.

While this might not be Red Team related, I feel it’s relevant in helping people with Python, automation, and SMS. This same method could be used for automated texting to you if an engagement were successful. For example, if a victim enters credentials to your C2, real time updating from implants, etc. You get the idea.

Pupy is an open source, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in Python. It’s easily expandable, and includes stackable network transports for C2 communication. It’s for this reason that I recently chose it as a base for a Red Team operation against a “security-tough” target.

Requirements

I knew that the target had a corporate proxy, and most likely had SSL decryption capabilities. Therefore, all stages of the payload needed to be proxy aware. Pupy offers the auto_proxy option, but may require some tweaking to get the desired payload stages to be aware of default proxies. The engagement time per the scope was limited, so the RAT also needed to be easy to work with. I typically work with Python during my day to day, so this was the perfect fit.